Refer to the exhibit. A network administrator configures NAT overload on R1 to allow internal hosts in the 10.1.1.0/24 subnet to access the Internet. After the configuration, the administrator runs the show ip nat translations verbose command and notices that several internal sessions all appear to use the same inside global port 1024. The administrator is concerned that port conflicts will occur. Based on the output, which statement is correct?
Each table entry carries the 'extended' flag, which means the translation includes the destination address and port. This allows the same inside global port 1024 to be used simultaneously for different destinations (198.51.100.10:53, 203.0.113.100:443, 203.0.113.200:22). The five‑tuple still uniquely identifies the session, so port conflicts do not occur.
Why this answer
The exhibit shows four dynamic NAT translations, each marked with the 'extended' flag. In extended PAT, the translation table includes the destination IP address and port (the Outside global field). Even though all entries share the same inside global port 1024, each translation has a different Outside global pair (198.51.100.10:53 for UDP, 203.0.113.100:443 and 203.0.113.200:22 for TCP).
Therefore, the five‑tuple (protocol, inside global IP, inside global port, outside global IP, outside global port) remains unique for each session, and no port conflict exists. The 'extended' flag explicitly confirms that the router is using this extended matching logic to allow port reuse.
Exam trap
Option A is the most common trap because candidates often associate a single global port with a missing overload keyword. However, the presence of the 'extended' flag and the different outside destinations in the exhibit demonstrate that PAT overload is active and correctly implemented.
Why the other options are wrong
Candidates think that seeing the same global port means overload is not operating, but port reuse is normal in extended PAT.
Candidates may misinterpret the summary line as a static identity NAT rule that locks all translations to a single port.
Candidates confuse pool exhaustion (no free global addresses) with port reuse. Exhaustion typically manifests as translation failures, not as many entries sharing the same port.